19 matches found
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled...
CVE-2020-7796
Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...
CVE-2025-67809
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...
EUVD-2025-203404
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...
CVE-2025-67809
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...
CVE-2025-67809
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...
PT-2025-51284
Name of the Vulnerable Software and Affected Versions Zimbra Collaboration versions 10.0 and 10.1 Description A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. An attacker with access to these credentials could impersonate the...
Zimbra Collaboration 安全漏洞
Zimbra Collaboration is an open source enterprise email and collaboration platform from Zimbra that supports email, calendar, document management and team collaboration features. A security vulnerability exists in Zimbra Collaboration versions 10.0 and 10.1, which stems from hard-coded API keys i...
CVE-2025-67809
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...
CVE-2025-67809
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party could retrieve them and...
CVE-2025-67809
Affected software: Zimbra Collaboration (ZCS) 10.0 and 10.1 with the Flickr Zimlet. Issue: hardcoded Flickr API key and secret embedded in the publicly accessible Zimlet allowed credential disclosure and potential impersonation during Flickr OAuth flows, enabling access to a user’s Flickr data if...
VulnCheck KEV: CVE-2020-7796
Synacor Zimbra Collaboration Suite ZCS contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled...
CVE-2020-7796
Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...
CVE-2020-7796
Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...
Server side request forgery (ssrf)
Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...
CVE-2020-7796
Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...
CVE-2020-7796
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is vulnerable to SSRF when the WebEx zimlet is installed and the zimlet JSP is enabled. The issue is documented in CVE-2020-7796 and is corroborated by multiple sources (NVD, Nuclei template, Red Hat advisory, CNVD, osv.dev, etc.). Impact des...
CVE-2020-7796
Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...
PT-2020-19795
Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite ZCS versions prior to 8.8.15 Patch 7 Description The software is susceptible to a Server-Side Request Forgery SSRF attack when the WebEx zimlet is installed and the zimlet JSP is enabled. A recent surge in the...